fix authParams showing in log with secret string(*****) #8910
@racorn Please help take a look, thanks.
@hangc0276 Thanks for your contribution. Looks good, however I think you also should include the The code, as it is now, will always serialize Consider your test with the following modification:

```java
@Test
public void testLoadSecretParams2() {
    ClientConfigurationData confData = new ClientConfigurationData();
    Map<String, String> authParamMap = new HashMap<>();
    authParamMap.put("k1", "v1");
    confData.setServiceUrl("pulsar://unknown:6650");
    confData.setAuthParams("");
    confData.setAuthParamMap(authParamMap);
    authParamMap.put("k2", "v2");
    Map<String, Object> config = new HashMap<>();
    config.put("serviceUrl", "pulsar://localhost:6650");
    config.put("authParams", "testAuthParams");
    // MODIFICATION: auth param map set on ClientConfigurationData but not on config override map
    //config.put("authParamMap", authParamMap);
    confData = ConfigurationDataUtils.loadData(config, confData, ClientConfigurationData.class);
    assertEquals("pulsar://localhost:6650", confData.getServiceUrl());
    assertEquals("testAuthParams", confData.getAuthParams());
    assertEquals("v1", confData.getAuthParamMap().get("k1"));
    assertEquals("v2", confData.getAuthParamMap().get("k2"));
    final String secretStr = "*****";
    try {
        String confDataJson = new ObjectMapper().writeValueAsString(confData);
        Map<String, Object> confDataMap = new ObjectMapper().readValue(confDataJson, Map.class);
        assertEquals("pulsar://localhost:6650", confDataMap.get("serviceUrl"));
        assertEquals(secretStr, confDataMap.get("authParams"));
        assertEquals(secretStr, confDataMap.get("authParamMap"));
    } catch (Exception e) {
        Assert.fail();
    }
}
```
Then the test fails with Thanks.
…tats log (apache#15817)

### Motivation
See apache#15483

The `@Secret` annotation works well, and introduced in apache#8910

### Modifications
- Revert the unneeded `@JsonIgnore`
- remove `Assert.assertFalse(s.contains("Password"));`

`Password` is printed in a key. The sensitive field's value is `****`.

(cherry picked from commit 67361e8)

…tats log (apache#15817)

### Motivation
See apache#15483

The `@Secret` annotation works well, and introduced in apache#8910

### Modifications
- Revert the unneeded `@JsonIgnore`
- remove `Assert.assertFalse(s.contains("Password"));`

`Password` is printed in a key. The sensitive field's value is `****`.

(cherry picked from commit 67361e8)
(cherry picked from commit f8bc91f)

…og (#15817)

### Motivation
See #15483

The `@Secret` annotation works well, and introduced in #8910

### Modifications
- Revert the unneeded `@JsonIgnore`
- remove `Assert.assertFalse(s.contains("Password"));`

`Password` is printed in a key. The sensitive field's value is `****`.

(cherry picked from commit 67361e8)
Fix #8509
Changes
- `Secret` interface and `SecretsSerializer` for fields that need to be shown as a secret string (*****) when logged to a JSON string
- `Secret` tag for `authParams` and `authParamMap` in `ClientConfiguration`
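
One way to mask annotated fields during Jackson serialization, in the manner the changes above describe. This is an added example, not the Pulsar project's code: `Masked`, `MaskingSerializer` and `DemoConfig` are hypothetical names, the field values are constructed samples, and jackson-databind is assumed to be on the classpath.

```java
import com.fasterxml.jackson.annotation.JacksonAnnotationsInside;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import java.io.IOException;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.HashMap;
import java.util.Map;

public class MaskedConfigDemo {
    // Hypothetical marker: Jackson applies the annotations bundled on it to the field.
    @JacksonAnnotationsInside
    @JsonSerialize(using = MaskingSerializer.class)
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.FIELD)
    public @interface Masked {}

    // Replaces the whole field value (String, Map, ...) with a fixed mask.
    public static class MaskingSerializer extends JsonSerializer<Object> {
        @Override
        public void serialize(Object value, JsonGenerator gen, SerializerProvider provider)
                throws IOException {
            gen.writeString("*****");
        }
    }

    // Constructed stand-in for a client configuration object.
    public static class DemoConfig {
        public String serviceUrl = "pulsar://localhost:6650";
        @Masked public String authParams = "token:constructed-sample";
        @Masked public Map<String, String> authParamMap = new HashMap<>();
    }

    public static void main(String[] args) throws Exception {
        DemoConfig conf = new DemoConfig();
        conf.authParamMap.put("k1", "v1");
        String json = new ObjectMapper().writeValueAsString(conf);
        // Fail loudly if either secret value reached the serialized form.
        if (json.contains("constructed-sample") || json.contains("v1")) {
            throw new IllegalStateException("secret leaked into JSON: " + json);
        }
        System.out.println(json);
    }
}
```

The mask only applies to Jackson output: a `toString()` or a logger that formats the fields directly bypasses the serializer, and a masked JSON string cannot be read back into a usable configuration.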